Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Deploying the Phone-home Client and Zero Touch Provisioning on vSRX Virtual Firewall

SUMMARY 

You can use the phone-home client and ZTP to provide a user-defined configuration file for the vSRX Virtual Firewall. The phone-home client and ZTP are supported on VMWare, KVM (Kernel-based Virtual Machine) hypervisors, and in various deployment environments, such as AWS (Amazon Web Service), GCP (Google Cloud Platform), OCI (Oracle Cloud Infrastructure, and Microsoft Azure.

Factory Default Configuration on vSRX Virtual Firewall

Here's the factory default configuration for the phone-home client:

Note:

You must perform the changes suggested in the ‘vSRX Virtual Firewall XML on KVM’ and ‘vSRX Virtual Firewall virtual machine edit settings in VMware’ before the first reboot. This ensures that the correct factory default configuration with PHC commands are loaded during the first boot.

Deploying ZTP on KVM

To deploy ZTP on a KVM, set the entry name='version' to phone-home-true in the VM deployment XML file.

For example:

Deploying ZTP on VMWare

To deploy ZTP on VMWare, enable the Open Virtualization Format (OVF) setting in the VMWare GUI, and set phone-home to true.

  1. To enable OVF in the VMWare GUI, go to Edit Virtual Machine Setting | vApp Options | OVF setting : OVF environment transparent | VMWare Tools: enable.
  2. To enable the phone-home client in the VMWare GUI, go to Edit Virtual Machine Setting | vApp Options | Properties | phone-home true .

Deploying ZTP on Amazon Web Services, Google Cloud Platform, and Oracle CIoud Infrastructure

To enable ZTP on Amazon Web Services, Google Cloud Platform, and Oracle CIoud Infrastructure, add the following phone-home client configuration in the CLOUD-INIT USER-DATA file:

Deploying ZTP on Microsoft Azure

To enable ZTP on Microsoft Azure, add the following phone-home client configuration in the write_files section of the CLOUD_INIT_CONFIG.JSON file: